CVE-2026-7186

🗓️ 08 Jun 2026 12:05:28Reported by CheckmkType

Stored XSS in URL dashboard widget lets dangerous URI schemes run scripts for other users with edit rights.

Reporter	Title	Published	Views	Family All 2
Cvelist	CVE-2026-7186 Fix stored XSS in URL dashboard widget via dangerous URI schemes	8 Jun 202612:05	–	cvelist
NVD	CVE-2026-7186	8 Jun 202613:16	–	nvd

CNA

Node

checkmk checkmkRange2.5.0–2.5.0p5

checkmk checkmkRange2.4.0–2.4.0p31

checkmk checkmkRange2.3.0–2.3.0p48

checkmk checkmkMatch2.2.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Checkmk",
    "vendor": "Checkmk GmbH",
    "versions": [
      {
        "lessThan": "2.5.0p5",
        "status": "affected",
        "version": "2.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.4.0p31",
        "status": "affected",
        "version": "2.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.3.0p48",
        "status": "affected",
        "version": "2.3.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.2.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
checkmk	www.checkmk.com/werk/17991

08 Jun 2026 13:16Current

CVSS 48.5

SSVC

CWE-79